| View previous topic :: View next topic |
| Author |
Message |
asimon
l33t
Joined: 27 Jun 2002
Posts: 979
Location: Germany, Old Europe
|
 Posted: Thu Jul 17, 2003 10:08 am Post subject: root password in single user mode |
 |
|
How do I enable the root password in single user mode?
Gentoo's default when booting into single user mode is to not request the root password.
Thanks,
Andreas |
|
| Back to top |
|
 |
devon
l33t
Joined: 23 Jun 2003
Posts: 943
|
| Posted: Fri Jul 18, 2003 8:15 am Post subject: |
|
|
| I don't know if it is possible. This is so that if you forget your root password, you can reboot into single user mode and change this. |
|
| Back to top |
|
|
CheshireCat
Guru
Joined: 25 Aug 2002
Posts: 572
|
| Posted: Fri Jul 18, 2003 8:35 am Post subject: |
|
|
I did a little searching for an answer, and this should be possible, but I can't figure out how. Nothing about this behavior in inittab, and the "single" runlevel is empty. It looks like the init scripts for "single" are hard-coded in /sbin/rc, but I couldn't find anything in there about starting a shell in that runlevel. If I could figure out where the shell is getting started...  |
|
| Back to top |
|
|
Biker
Apprentice
Joined: 11 Jun 2003
Posts: 170
Location: A very dark, cold and moisty place...
|
| Posted: Fri Jul 18, 2003 11:57 am Post subject: |
|
|
Unfortunately, I don't know how to password protect the single user mode. Actually, I belive it's designed that way. Kind'a like going back to the DOS times. It's your computer, do what you want with it.
(I may be wrong, of course. It wouldn't be the first time.) 
OTOH, if you're interested in securing your system more than many "ordinary" installations, I suggest:
Set the BIOS to only boot from your HD. (No floppy, no CD)
Password protect your BIOS setup.
Set a password on Grub/LILO to avoid someone providing boot parameters.
Put a physical lock on the computer box.
Attach the box to [floor|wall|roof|heavyitem]
Lock the computer room.
Put a guard outside?
You may or may not want to go all the way through the list, but it should give you a good starting point. At home, I use the three first points. It gives a good balance between security from my son and comfort plus is still very cost effective.
Biker |
|
| Back to top |
|
|
zhenlin
Veteran
Joined: 09 Nov 2002
Posts: 1361
|
| Posted: Fri Jul 18, 2003 1:22 pm Post subject: |
|
|
I believe Gentoo previously forced sulogin if booting into single.
The file you are looking for... /sbin/rc |
|
| Back to top |
|
|
Genone
Retired Dev
Joined: 14 Mar 2003
Posts: 9614
Location: beyond the rim
|
| Posted: Fri Jul 18, 2003 2:19 pm Post subject: |
|
|
| Password for single user mode is stupid, because if you can boot in single user mode you can also add "init=/bin/sh" to the kernel parameter list and boot into a shell circumventing init. It adds nothing to security (unless you really secured your bootloader, bios and hardware as mentioned by Biker) but gives a false feeling of security. |
|
| Back to top |
|
|
zhenlin
Veteran
Joined: 09 Nov 2002
Posts: 1361
|
| Posted: Fri Jul 18, 2003 3:45 pm Post subject: |
|
|
| I know. But also, Gentoo previously started all boot services in single, but now doesn't start any. Really minimal... |
|
| Back to top |
|
|
|
Networking & Security
